DETAILED ACTION
Response to Amendment 

1. Applicant's amendments filed 06/14/07 with regard to claims 1-23 and the specification
have been accepted and entered. Claims 1-23 are still pending.

Drawings 

2. The drawings were received on 06/14/07. These drawings are acceptable. 

Response to Arguments 

3. Applicant's arguments, see page 11, filed 04/16/07, with respect to claims 1-23 have
been fully considered and are persuasive. The rejection under 35 USC 102(b) as being
anticipated by Togawa et al. in US Patent No. 5918008 has been withdrawn. However, upon
further consideration, a new ground(s) of rejection is made in view of Hypponen et al. and Liang 
et al. 

Terminal Disclaimer 

4. The terminal disclaimer filed on 04/16/2007 disclaiming the terminal portion of any patent 
granted on this application which would extend beyond the expiration date of the full statutory 
term defined in 35 U.S.C. §154 to §156, and § 173 of any patent granted on Application No. 
10/683,579, filed on October 9, 2007, has been reviewed and is NOT accepted. 

a. The person who signed the terminal disclaimer is not recognized as an officer of 
the assignee, and he/she has not been established as being authorized to act on behalf 
of the assignee. See MPEP § 324. 

An attorney or agent, not of record, is not authorized to sign a terminal disclaimer in the 
capacity as an attorney or agent acting in a representative capacity as provided by 37 CFR 1.34 
(a). See 37 CFR 1.321(b) and/or (c). 

It would be acceptable for a person, other than a recognized officer, to sign a terminal
disclaimer, provided the record for the application includes a statement that the person is 
empowered to sign terminal disclaimers and/or act on behalf of the organization. 

Accordingly, a new terminal disclaimer which includes the above empowerment 
statement will be considered to be signed by an appropriate official of the assignee. A 
separately filed paper referencing the previously filed terminal disclaimer and containing a 
proper empowerment statement would also be acceptable. 

It should be noted that applicant is not required to pay another disclaimer fee as set forth 
in 37 CFR 1.20(d) when submitting a replacement or supplemental terminal disclaimer. 

Accordingly the double patenting rejection has not been overcome and is therefore 
maintained. 

Double Patenting 

The nonstatutory double patenting rejection is based on a judicially created doctrine 
grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or 
improper timewise extension of the "right to exclude" granted by a patent and to prevent 
possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting 
rejection is appropriate where the conflicting claims are not identical, but at least one examined 
application claim is not patentably distinct from the reference claim(s) because the examined 
application claim is either anticipated by, or would have been obvious over, the reference 
claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re 
Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 
USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re 
Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 
USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be 
used to overcome an actual or provisional rejection based on a nonstatutory double patenting 
ground provided the conflicting application or patent either is shown to be commonly owned with 
this application, or claims an invention made as a result of activities undertaken within the scope 
of a joint research agreement. 

Effective January 1, 1994, a registered attorney or agent of record may sign a terminal
disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b). 

5. Claims 1-23 are provisionally rejected on the ground of nonstatutory obviousness-type
double patenting as being unpatentable over claims 1-33 of copending Application No.
10683579 (hereinafter App. No '579). Although the conflicting claims are not identical, they are
not patentably distinct from each other because Applicants' virus sensor operates in the same 
manner as the network virus/worm sensor in the copending Application. Considering claim 1 of 
the instant Application, the "switch" operation is later identified in claim 2 to be a function of the 
traffic controller whereas in copending App. No. '579 the limitation of the switching of modes as 
facilitated by the traffic controller is present in claim 1 along with the other functions of the 
network virus/worm sensor. 

This is a provisional obviousness-type double patenting rejection because the conflicting 
claims have not in fact been patented. 

Claim Rejections - 35 USC § 112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

6. Claims 10-23 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant regards 
as the invention. 

7. Claims 10-23 are rejected under 35 U.S.C. 112, second paragraph, as failing to set 
forth the subject matter which applicant(s) regard as their invention. Evidence that claims
10-23, specifically independent claims 10 and 17 fail(s) to correspond in scope with that which
applicant(s) regard as the invention can be found in the reply filed 04/16/2007. In that paper, 
applicant has stated that when the virus sensor is in the second mode or inline mode, "the data 
packets determined to be infected or suspected of being infected are not returned to the 
network", and this statement indicates that the invention is different from what is defined in 
claims 10 and 17 because the claim language recites "data packets that are determined not be 
infected or suspected of infection are not returned to the flow of data packets" (emphasis
added). 

Claim Rejections - 35 USC §101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

8. Claims 17-23 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. Claim 17 is non-statutory because it fails to recite a 
storage medium which enables any underlying functionality to occur. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

9. Claims 1-23 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Hypponen et al. in US PGPub No. 2003/0191957 (US PGPub '957) further in view of Liang et al. 
in US PGPub No. 2003/0208687 (hereinafter US PGPub '687). 

10. For claim 1, and similar claims 10 and 17, US PGPub '957 discloses: 

In a distributed network of interconnected computing devices, a network virus monitor, 
comprising (see Abstract: method for detecting viruses in a computer network...): 

a virus sensor operable arranged to detect a computer virus in the network such that the 
bandwidth of the network is substantially unaffected when data packets are not removed from or 
added to network traffic, but are copied (see [0015]: no viruses identified... return transferred
data... transit nodes...), and wherein when the virus sensor detects the computer virus, the data
packets are not copied and wherein a subset of data packets determined to be infected or
suspected of being infected are not returned to the network (see [0016] - [0018]: store infected
data... disinfection unsuccessful... disregard...) but does not expressly disclose the steps of
detecting the computer viruses by switching between a number of modes (i.e. first or standby 
mode and second or inline mode), and wherein the virus monitor is able to collect network 
environment data and assign an IP address to itself, and wherein the virus monitor locates a 
controller in the network and registers itself with the controller, from where the virus monitor 
receives a rule set and an outbreak prevention policy (OPP). 

Liang et al. in US PGPub '687, however, does disclose detecting the computer
viruses by switching between a number of modes (i.e. first and second modes) (see [0034]: 
mode switching for virus software...), and wherein the virus monitor is able to collect network 
environment data and assign an IP address to itself, and wherein the virus monitor locates a 
controller in the network and registers itself with the controller, from where the virus monitor 
receives a rule set and an outbreak prevention policy (OPP) (see [0025]: upgrading virus 
program...). 

Hypponen et al. and Liang et al. are analogous art because they are from the same 
problem solving area (network anti-virus applications). It would be obvious to one of ordinary 
skill in the art at the time of the invention to modify the method of detecting viruses of Hypponen 
et al. such that it would switch between first and second modes and update the virus
application with rules and policies to repair and prevent viral outbreaks. The motivation for doing 
so would have been to maximize the effectiveness and efficiency of the antivirus application 
detection by maintaining traffic flow of irrelevant packets, thereby increasing performance on 
suspected packets. 

For claim 2, US PGPUB '957 teaches:
A monitor as recited in claim 1, further comprising: 

a traffic controller coupled to the virus sensor and the network arranged to select certain 
data packets wherein the selected data packets are forwarded to the virus sensor, (see [0007] 
and [0025]: means for intercepting...) 

For claim 3, US PGPUB '957 teaches: 
A monitor as recited in claim 2, wherein the traffic controller further comprises: 

a data packet copier operable to generate a copied data packet of each of the selected 
data packets wherein the selected data packets are returned to the network (see [0019], [0022]- 
[0024]: copied...) but does not expressly disclose such a step in a first mode. 

Liang et al. in US PGPub '687, however, does disclose detecting the computer
viruses by switching between a number of modes (i.e. first and second modes) (see [0034]:
mode switching for virus software...).

For claim 4, US PGPUB '957 teaches: 
A monitor as recited in claim 3 wherein the data packet copy unit is disabled in the second 
mode such that the selected data packets are passed to the virus sensor (see [0024] and 
[0036]: transferring means...) but does not expressly disclose such a step in a second mode. 

Liang et al. in US PGPub '687, however, does disclose detecting the computer
viruses by switching between a number of modes (i.e. first and second modes) (see [0034]: 
mode switching for virus software...). 

For claims 3 and 4 Hypponen et al. and Liang et al. are analogous art because they are 
from the same problem solving area (network anti-virus applications). It would be obvious to one 
of ordinary skill in the art at the time of the invention to modify the method of detecting viruses of 
Hypponen et al. such that it would switch between first and second modes. The motivation for
doing so would have been to maximize the effectiveness and efficiency of the antivirus
application detection by maintaining traffic flow of irrelevant packets, thereby increasing 
performance on suspected packets. 

For claim 5, US PGPUB '957 teaches: 
A monitor as recited in claim 4, wherein the virus monitor further comprises: 

a data packet protocol identifier coupled to the virus sensor arranged to identify a data 
packet protocol associated with the data packet infected by the computer virus, (see Figure 2 
and associated text: predefined file types... suspect types...) 

For claim 6, US PGPUB '957 teaches: 
A monitor as recited in claim 5, wherein the selected data packets are each associated with the 
data packet protocol associated with the computer virus such that only those data packets 
associated with the identified data packet protocol are selected from the network, (see Figure 2 
and associated text: predefined file types... suspect types...) 

For claim 7, US PGPUB '957 teaches: 
A monitor as recited in claim 1 wherein the virus sensor unit further comprises: 

a filescan module arranged to scan a selected file for the computer virus, (see [0019]: 
data... virus scanning) 

For claim 8, US PGPUB '957 teaches: 
A monitor as recited in claim 7, wherein the filescan unit is remotely located, (see [0031]: 
wireless capability...; [0038]: scanning server 7...) 

For claim 9, US PGPUB '957 teaches: 
A monitor as recited in claim 8, wherein the remotely located filescan unit is used for scan large 
selected files, (see [0043]: scanning server... large volume...) 

For claim 11, and similar claim 18 US PGPUB '957 teaches:
A method as recited in claim 10, further comprising: 

isolating a portion of the network infected by the computer virus; and 

cleaning the isolated portion of the network, (see [0015] - [0018]: disinfect...) 

For claim 12, and similar claim 19 US PGPUB '957 teaches: 
A method as recited in claim 10, further comprising: 

sending a virus report to a controller, (see [0016] - [0018]: virus alert message...) 

For claim 13, and similar claim 20 US PGPUB '957 teaches: 
A method as recited in claim 10, further comprising: 

copying selected ones of the flow of data packets from corresponding original data 
packets retrieved from the flow of data packets based upon a packet type; and returning the 
retrieved data packets to the flow of data packets, (see [0015]: return...) 

For claim 14, and similar claim 21 US PGPUB '957 teaches: 
A method as recited in claim 13, wherein the packet type is determined by the detected 
computer virus, (see [0008] and [0036]: type capable of containing virus... ; Figure 2: data file 
types) 

For claim 15, and similar claim 22 US PGPUB '957 teaches: 
A method as recited in claim 14, wherein a network bandwidth associated with the standby 
mode is substantially unaffected by the monitoring (see [0015]) but does not expressly disclose 
the standby mode. 

Liang et al. in US PGPub '687, however, does disclose detecting the computer
viruses by switching between a number of modes (i.e. standby and inline modes) (see [0034]: 
mode switching for virus software...). 

For claim 16, and similar claim 23 US PGPUB '957 teaches:
A method as recited in claim 14, wherein a network bandwidth is reduced by the infected data 
packets that are not returned to the flow of data packets, (see [0016] - [0018]) but does not 
expressly disclose the inline mode. 

Liang et al. in US PGPub '687, however, does disclose detecting the computer
viruses by switching between a number of modes (i.e. standby and inline modes) (see [0034]: 
mode switching for virus software...). 

For claims 15 and 16 Hypponen et al. and Liang et al. are analogous art because they 
are from the same problem solving area (network anti-virus applications). It would be obvious to 
one of ordinary skill in the art at the time of the invention to modify the method of detecting 
viruses of Hypponen et al. such that it would switch between first and second modes. The
motivation for doing so would have been to maximize the effectiveness and efficiency of the 
antivirus application detection by maintaining traffic flow of irrelevant packets, thereby 
increasing performance on suspected packets. 

Interview Summary 

11. The Examiner has included the Interview Summary for the telephonic interview
conducted 31 May 2007. 

Conclusion 

12. Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Laurel Lashley whose telephone number is 571-272-0693. The examiner 
can normally be reached on Monday - Thursday, alt Fridays btw 7:30 am & 5 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron, Jr. can be reached on 571-272-3799. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Laurel Lashley 
Examiner 




